Summary: A Multifaceted Approach to Understanding the Botnet Phenomenon
Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis
Department of Computer Science, Johns Hopkins University
Baltimore, Maryland, USA
moheeb@cs.jhu.edu, zarfide@gmail.com, fabian@cs.jhu.edu, terzis@cs.jhu.edu
ABSTRACT
The academic community has long acknowledged the existence of
malicious botnets; however, to date, very little is known about the
behavior of these distributed computing platforms. To the best of
our knowledge, botnet behavior has never been methodically studied,
botnet prevalence on the Internet is mostly a mystery, and the
botnet life cycle has yet to be modeled. Uncertainty abounds. In
this paper, we attempt to clear the fog surrounding botnets by
constructing a multifaceted and distributed measurement infrastructure.
Throughout a period of more than three months, we used this
infrastructure to track 192 unique IRC botnets ranging in size from
a few hundred to several thousand infected end-hosts. Our results
show that botnets represent a major contributor to unwanted Internet
traffic--27% of all malicious connection attempts observed